BloodHound

BloodHound is a popular open-source security tool for analyzing and visualizing Active Directory (AD) permissions and trust relationships in Windows environments.

The tool is designed to gather information about AD objects, such as users, groups, computers, and trusts, and then process and analyze this data to create a graph database that represents the relationships and permissions within the AD domain.

While BloodHound comes with default queries such as 'Find All Domain Admins', custom queries can be added to ~/.config/bloodhound/customqueries.json. I'll include a list of custom queries I've collected from various sources on the internet.
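As an added example (not from the original page), the helper below writes audit-oriented custom queries into customqueries.json without duplicating entries that are already there, and checks that each entry is well-formed before it is written. The file layout (a top-level "queries" list whose entries carry "name", "category" and a "queryList" with exactly one "final" step) is assumed to be the legacy BloodHound GUI format, and the two Cypher queries and their property names are constructed samples.

```python
import json
import tempfile
from pathlib import Path

# Default location named on the page; pass another path to test safely.
DEFAULT_PATH = Path.home() / ".config" / "bloodhound" / "customqueries.json"

# Constructed audit queries (assumed legacy BloodHound customqueries.json layout).
AUDIT_QUERIES = [
    {
        "name": "Computers with unconstrained delegation",
        "category": "Audit",
        "queryList": [{"final": True,
                       "query": "MATCH (c:Computer {unconstraineddelegation:true}) RETURN c"}],
    },
    {
        "name": "Enabled users whose password never expires",
        "category": "Audit",
        "queryList": [{"final": True,
                       "query": "MATCH (u:User {enabled:true, pwdneverexpires:true}) RETURN u"}],
    },
]


def validate_queries(queries):
    """Return a list of problems; an empty list means every entry looks well-formed."""
    problems = []
    for q in queries:
        name = q.get("name", "?")
        for key in ("name", "category", "queryList"):
            if key not in q:
                problems.append(f"{name}: missing {key}")
        steps = q.get("queryList", [])
        if len([s for s in steps if s.get("final")]) != 1:
            problems.append(f"{name}: queryList needs exactly one final entry")
        for s in steps:
            if "RETURN" not in s.get("query", "").upper():
                problems.append(f"{name}: query has no RETURN clause")
    return problems


def add_custom_queries(new_queries, path=DEFAULT_PATH):
    """Merge new_queries into customqueries.json by name; returns the merged list."""
    problems = validate_queries(new_queries)
    if problems:
        raise ValueError("; ".join(problems))
    path = Path(path)
    data = json.loads(path.read_text()) if path.exists() else {}
    data.setdefault("queries", [])
    known = {q["name"] for q in data["queries"]}
    for q in new_queries:
        if q["name"] not in known:          # skip entries already present
            data["queries"].append(q)
            known.add(q["name"])
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(json.dumps(data, indent=2))
    return data["queries"]


def demo():
    """Run the merge twice against a throwaway file; returns the query counts."""
    target = Path(tempfile.mkdtemp()) / "customqueries.json"
    first = add_custom_queries(AUDIT_QUERIES, target)
    second = add_custom_queries(AUDIT_QUERIES, target)   # idempotent
    return len(first), len(second)
```

Running demo() shows the second merge adds nothing, so re-running the helper after collecting more queries is safe.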

BloodHound itself does not gather data; it ingests information collected by tools such as BloodHound.py and SharpHound.exe.

BloodHound/SharpHound

BloodHound.py is a Python-based BloodHound ingestor. It queries LDAP to gain information about the domain and the relationships between domain objects and outputs it in JSON files. The JSON files can then be ingested into BloodHound, allowing you to view the domain information graphically.

SharpHound.exe (C# version) and SharpHound.ps1 (PowerShell) have the same functionality as BloodHound.py but are meant to be run from the command line on a Windows-based computer. The output is also very similar to BloodHound.py: JSON files that can be ingested into BloodHound.

Linux
bloodhound.py -c All,LoggedOn -u weelee -p password -d weelee.zip --zip

The -c flag defines the collection methods you want bloodhound.py to run. All,LoggedOn encompasses every method bloodhound.py supports, but it also generates a LOT of traffic, so it isn't very stealthy if you care about that.
